Computer possibly controlled by a botnet - a VPN helps? Urgent solutions??

[F Bruno]

Have been getting all sorts of problems in the last 16-18 months (W 7 64x and 32x )in at least 6 computers. At first I thought were due to virus infections or Trojan subsets. Switched to windows 10 via (notification area) updates. This change almost unleashed hell. Trouble got worse and worse. At first I attributed that to vagaries of windows 10 - in two cases the OS was reset. Inexplicable mouse freezing and restarting of the computer and crashes of all sorts. Icons disappeared from the desktop as well as different types of files. Bought a new (ASUS) relatively powerful PC 2 months ago to no avail.

I've got BitDefender's Total Security and Malwarebytes Premium- allways have. And I have cleaned completely different computers in the past.

Recently I used MX Tool to recheck IPv4/ 6 and found out (my) IP was located in a well known Atlantic island. I was blacklisted in various lists, etc.

My reaction was to change all password (I use LastPass Premium anyway). Even so Windows password started behaving whimsically. Sometimes it ceases to be accepted and then it is again accepted in a different computer. Yesterday I was locked from my main computer but succeeded in solving that.

Thought one possible solution was to get a VPN which I did - PureVPN. The IP, however, changes but often comes back to the original combination. Should an IP permanent change

I´m in the middle of a big writing workload, need nights and weekends to be able to write against a time limit and frankly I am out of ideas and patience.

I'd be grateful if someone could provide some help


Thank you in advance

 

[F Bruno]

As to the advert appearing out of the blue and claiming being capable of solving every windows error (Reimage) I stress I have used Reimage in most of the above computers. The problems persisted without NO positive end result.

 

[Regedit32]

Recently I used MX Tool to recheck IPv4/ 6 and found out (my) IP was located in a well known Atlantic island. I was blacklisted in various lists, etc.

The IP you are assigned ultimately belongs to the ISP assigning this. If that ISP is marked as a potential source of spammer emails then it will become blacklisted as will any IP assigned from it. That may be what is being detected by MX Tool in your case as its blacklist database is primarily set up to spot email servers known to have sent spam e-mails.

Keep in mind if you have been infected by trojan and/or virus at any time and one of these succeeded in accessing your personal emails to self replicate itself by emailing your contacts, then whatever email server you were using at the time could potentially have been blacklisted at that point in time. .

If you believe you are infected with a Bot it is possible your current security software is not detecting it at all. Bots are notoriously difficult to detect.

Given you are using Microsoft Windows you could scan your own computer using their built in tools which were specifically designed to detect bot infections. When first introduced by Microsoft the organization responsible for monitoring bot networks (zombie computers infected by a bot all running as one giant connected network) reported a massive 20% drop in such networks in the first month.

Hackers of course are forever finding ways to circumvent security so nothing is guaranteed to be 100% perfect hence your best security is to avoid sites likely to contain infected downloads of video content, applications, photos, etcetera.

Each month (Patch Tuesday) Microsoft sends its latest definition list for their built in tool and this will run silently in the background of a Windows OS. This tool can be manually run also (note the scan can take 2+ hours so patience is needed).

• Tool name: Malicious Software Removal Tool
• Executable name: MRT.exe
  
  To run this simply right-click on Start | select Run | type mrt | click OK
  
  When the UAC prompt pops up click Yes
  
  Click Next when MRT window opens then select scan option and click Next
  
  Note: Given you mentioned up to 6 computers one only 2 months old demonstrating the behaviour you are concerned about it seems to me you are using some pre-existing infected disks to install programs or back ups to your computers.
  
  #1 I'd recommend choosing a Full Scan above.
  
  #2 I'd recommend you scan any internal or external media you use for backups, or installing third party applications, games, photos, videos etcetera. FULL scan those too!
  
  #3 If an infection is found in any external media, or on your current system and you happen to use a Cloud service like Google Drive or OneDrive, or iCloud, etcetera, I'd recommend considering deleting content there or at the very least turning off syncing until you can confirm anything on the cloud is safe.

There is no reason not to trust this tool, but if you want to be thorough you could also use the bot detection tool for networks (which can run as a stand-a-lone on a pc) created by the international organization responsible for monitoring Bot networks here:

• https://www.sri.com/engage/products-solutions/bothunter-malware-infection-diagnosis-system

You could also try Microsoft's security scanner:

• http://www.microsoft.com/security/scanner/en-us/default.aspx

Regards,

Regedit32

 

[F Bruno]

Hello Regedit32,
The IP I was assigned was not the one I found with MXTool. That was a different number with a alltogether different location. I am in the european continent whereas the other IP (I got a map and a location) was in an Atlantic island.

That was the reason I resorted to Pure VPN although the software does not seem very reliable.

I will try your solutions straight away though and will tell you of the results.

Thanks very much for your help,
F Bruno

 

[F Bruno]

Hello Regedit32,
The IP I was assigned was not the one I found with MXTool. That was a different number with a alltogether different location. I am in the european continent whereas the other IP (I got a map and a location) was in an Atlantic island.

That was the reason I resorted to Pure VPN although the software does not seem very reliable.

I will try your solutions straight away though and will tell you of the results.

Thanks very much for your help,
F Bruno

Hello again Regedit32,

I followed your suggestions to the letter: Malicious Software Removal Tool was used in 2 of the computers (took about 3 days. and found a few (> 30) possible malware though nothing seemed serious. Many seemed adware or PUP's apparently missed by MBAM and BitDefender. MRT
removed them all.

Have been running your third tool (Microsoft's security scanner) and up to now it found a virus. The behaviour of the computer, however, did not change. If anything it seemed to improve a little after disabling Pure VPN which I find rather strange.

The anti-bot you mentioned (Bothunter) unfortunately does not appear to have a W10 64x version. I tried to find another anti-bot for this purpose but did not succeed.

Would it be possible to recommend to me a W10 64x anti-bot?

Best regards,

F Bruno

 

[Regedit32]

The anti-bot you mentioned (Bothunter) unfortunately does not appear to have a W10 64x version. I tried to find another anti-bot for this purpose but did not succeed.

Hi F Bruno,

A 32-bit application will install and run fine on a 64-bit operating system. So their application ought to be ok for you.

The opposite scenario of course would not work (i.e. if you OS was 32-bit you could not install and run a 64-bit application.)

 

[F Bruno]

Hi Regedit32
I am aware that 32 x work on 64x - with some of my applications even Firefox I'm using the 32 version. The problem was that the downloaded file did not run at all. I even tried running it as an administrator. At least it didn't work with me. I may try again.

Regards,